The Iconoclast

The FBI director and a Republican congressman sketched out a far-reaching plan this week for warrantless surveillance of the Internet.

During a House of Representatives Judiciary Committee hearing, the FBI's Robert Mueller and Rep. Darrell Issa of California talked about what amounts to a two-step approach. Step 1 involves asking Internet service providers to open their networks to the FBI voluntarily; step 2 would be a federal law forcing companies to do just that.

Both have their problems, legal and practical, but let's look at step 1 first. Issa suggested that Internet providers could get "consent from every single person who signed up to operate under their auspices" for federal police to monitor network traffic for attempts to steal personal information and national secrets. Mueller said "legislation has to be developed" for "some omnibus search capability, utilizing filters that would identify the illegal activity as it comes through and give us the ability to pre-empt" it.

These are remarkable statements. The clearest reading of them points to deep packet inspection of network traffic--akin to the measures Comcast took against BitTorrent and to what Phorm in the United Kingdom has done, in terms of advertising--plus additional processing to detect and thwart any "illegal activity." (See the complete transcript here.)

"That's very troubling," said Greg Nojeim, director of the project on freedom, security, and technology at the Center for Democracy and Technology. "It could be an effort to achieve, through unknowing consent, permission to monitor communications in a way ... Read more

When the FBI suggested that it should be able to perform wide-scale Internet monitoring to detect "illegal activity" on Wednesday, the bureau raised more questions than it answered.

To help clear things up, we're providing the transcript of FBI Director Robert Mueller's exchange at a House of Representatives hearing with Rep. Darrell Issa, a California Republican. Issa made his fortune by founding Directed Electronics, a publicly traded company that sells car alarms and home theater loudspeakers.

Issa also is a member of the House Intelligence Committee, which is holding a closed hearing on Thursday devoted to the Bush administration's so-called Cyber Initiative. In January, President Bush signed a pair of secret orders--National Security Presidential Directive 54/Homeland Security Presidential Directive 23--that apparently deal with detecting and preventing Internet disruptions.

Here's the relevant section of the transcript from the House Judiciary hearing on Wednesday:

Rep. Issa: Director, there isn't enough time in five minutes to open and close the subject of the Cyber Initiative, but this committee, in my opinion, is going to be the lead committee on, ah, the actual effectiveness of that initiative. As we both know it's compartmented, highly classified. But I'd like to concentrate just on what laws or changes that you would need from this committee if you were to do the following, and I'll set out a scenario.

If you go into a place and there's a crime actively being committed, let's say there's ... Read more

FBI director Robert Mueller calls for new federal data retention laws forcing Internet companies to keep records of what their customers are doing, but without providing details. Several politicians endorsed the idea during a hearing on Tuesday.

(Credit: Anne Broache/News.com)

WASHINGTON--The FBI and multiple members of Congress said on Wednesday that Internet service providers must be legally required to keep records of their users' activities for later review by police.

Their suggestions for mandatory data retention revive a push for potentially sweeping federal laws--which civil libertarians oppose--that flagged last year after the resignation of Attorney General Alberto Gonzales, the idea's most prominent proponent.

FBI Director Robert Mueller told a House of Representatives committee that Internet service providers should be required to keep records of users' activities for two years.

"From the perspective of an investigator, having that backlog of records would be tremendously important if someone comes up on your screen now," Mueller said. "If those records are only kept 15 days or 30 days, you may lose the information you may need to bring that person to justice."

Also lending their support for data retention were Rep. Ric Keller, R-Fla., who said that Internet chat rooms were crammed with sexual predators, and Rep. Lamar Smith of Texas, the senior Republican on the House Judiciary committee and a previous data retention enthusiast. Rep. John Conyers, the senior Democrat and chairman, added that any proposed data retention legislation submitted by the FBI "would be most welcome."

Carnegie Mellon's Michael Shamos, pictured here in his home in Pittsburgh, says that paper trails are hardly the solution to worries about the security of electronic voting machines, and when mandated by law, stifle further research.

(Credit: Declan McCullagh/News.com)

PITTSBURGH--Many computer scientists have been arguing for years that electronic voting machines absolutely must sport paper trails that can be verified by the voter and subsequently used in manual recounts.

It's a formal policy position of the U.S. arm of the Association for Computing Machinery, the professional organization of computer scientists. Stanford University's David Dill even created the pro-paper-trail Verified Voting Foundation and has co-authored an article for us that argues against Internet voting, too.

But support of paper trails is not unanimous. Michael Shamos, a professor of computer science at Carnegie Mellon University who teaches an e-voting class and has been a consultant to the Pennsylvania government since 2004, believes that electronic methods of tabulating votes actually tend to be more secure than paper-based ones.

In addition to reviewing the source code of some electronic voting systems under nondisclosure agreements, Shamos has been an e-voting consultant for Texas and Nevada. An April 2004 paper he wrote says that e-voting systems do have risks but paper isn't the answer (and suggests alternatives). In it, he quips that out of a million or so computer scientists and mathematicians, only 100 or so have signed a statement calling for paper trails; it drew an angry response ... Read more

WASHINGTON -- The FBI is pressuring states to become more secretive and limit even routine oversight of the bureau's data-sharing arrangements with local police, a new document shows.

A memorandum of understanding written by the FBI and signed by the state of Virginia in February 2008 aims to curb congressional and press oversight of a joint venture called a Fusion Center. Here's more on Fusion Centers.

The memorandum, obtained by the Electronic Privacy Information Center and released on Friday, says that any "disclosure" to Congress of information shared with the Fusion Center can happen only "after consultation with the FBI." It also says that requests from media organizations even for non-classified material made under Virginia's open government laws will be referred to the FBI and then strongly opposed.

It also indicates that the FBI is responsible for a Virginia state bill called HB1007 -- introduced two days after the FBI signed the memorandum on January 6 -- that would exempt the Fusion Center from open government laws.

That bill is worrisome. It rewrites open government laws to say that even non-classified statistics about the total number of investigations targeting "an individual who or organization which is reasonably suspected of involvement in criminal activity" will be exempt from disclosure to news organizations and the public.

Nobody wants truly confidential or classified information to be disclosed (except, perhaps, to the historians of the next generation). But the Virginia proposal goes too far, and exempts even reports and statistics that ... Read more

Fans of home automation systems controlled by a personal computer like to speculate about how their software might be able to snare intruders. An Indiana man named Fred Thompson actually did it.

Court documents show the story started after Thompson's home in Fort Wayne, Ind., was burglarized. Thompson responded by setting up a video camera hooked up to his computer and configured it to remotely notify him when motion was detected when the house was supposed to be empty.

On October 10, 2006, the system notified Thompson that movement was detected. He jumped in his car, called the police, and headed home.

Thompson and Officer Stephanie Souther found that the house's front door was unlocked and a window in the rear was open, but that nobody was actually inside. The recorded video showed a man entering from the rear of the house, unlocking the front door to let someone else in, and then the two walked around inside. An eight-foot piece of copper pipe was missing.

After the police failed to turn up any leads, Thompson posted the video on YouTube a week later with the title "Burglars Caught in Fort Wayne." It now appears to be deleted. Detective Everett D. White of the Fort Wayne Police Department's Neighborhood Response Team--who was off-duty and at home--happened to notice it.

He showed it to his colleagues at work the next day, and one recognized the two men.

On November 16, 2006, Richard Klaff was charged with felony burglary ... Read more

The annals of history are replete with examples of teenage angst and unrequited love. It took the state of New York to make those a crime.

State prosecutors decided to charge Isaiah Rodriguez, 18, of aggravated harassment and endangering the welfare of a child over a series of MySpace.com messages professing his ardent devotion to a 14-year-old girl.

The messages said, in part: "I love you;" "we need to be together;" I will see you every day;" and "I will never stop trying to talk to you."

That, according to the solons in the New York state attorney general's office, amounts to a violation of Section 240.30 of the state penal code. It says: "A person is guilty of aggravated harassment in the second degree when, with intent to harass, annoy, threaten or alarm another person...causes a communication to be initiated by...electronic means...in a manner likely to cause annoyance or alarm."

Fortunately, the New York City criminal court thought otherwise. In a ruling on April 4, Judge Michael Gerstein in Brooklyn wrote this, which I've excerpted (thanks to Santa Clara University law professor Eric Goldman for the tip):

The words "we need to be together;" "I will never stop talking to you;" and "I love you" are not threats, but appear to be merely the symptoms of unrequited love--the same hopeless affection that, among countless others, Dante felt for Beatrice; Don Quixote for Dulcinea; Cyrano for Roxane; Quasimodo for Esmeralda; Young Werner for ... Read more

View Larger Map

A Pittsburgh couple is suing Google because photographs of their home are appearing on the company's street view service.

The lawsuit, filed in Allegheny County court on April 2, claims there was a private road sign on their street that Google should have honored. It claims that Google's "reckless conduct" has "exposed plaintiff's private information to the public."

Looking at the turnoff to Pittsburgh's Oakridge Lane on Google Street View, though, shows a street sign but no obvious private road warning--meaning that, perhaps, any sign didn't exist when the Google van drove by.

In addition, photographs of the house appear on the county's Web site, as well as the assessed value of Aaron and Christine Boring's home and the lot size.

In general, of course, photographs taken of homes from the public street (or the air) are perfectly legal and protected by the First Amendment's freedom of the press. Barbra Streisand learned this when she sued a California aerial-mapping site--but was forced instead to write a check to the defendants for $177,107.54 in legal fees and court costs. I wouldn't be too surprised if this lawsuit turns out much the same way.

The Recording Industry Association of America says a New York judge's ruling earlier this week really wasn't much of a setback for them. In fact, they say they don't mind it much at all.

This is my article from Tuesday to which the RIAA is responding. And here's e-mail from Wednesday that I was asked to attribute to the RIAA's lawyers, which I've reproduced in full:

The statement in the very first sentence of the posting that the court requires the record companies 'to demonstrate that unlawful copying took place' is entirely inaccurate and is precisely the opposite of what the court held. The court specifically held that proof of actual copying or actual dissemination is not required, and that simply making the work available for copying can be a distribution as long as the work was offered 'for purposes of further distribution.' Contrary to the thrust of the article, the court did in fact agree with the record companies that "making available" a copyrighted work under those circumstances is an infringement. But in any event, we download complete copies of songs from the individual defendants in all our user lawsuit cases, thereby rendering the entire "making available" issue irrelevant.

It's true that U.S. District Judge Kenneth Karas said that an "offer to distribute" can amount to a distribution (which helps the RIAA). But Karas rejected the RIAA's argument that a Kazaa user who "made available" copyrighted music necessarily violated the ... Read more

This map, updated earlier Wednesday by Homeland Security, shows all states as green--meaning no new air travel or federal building hassles on May 11. Current hassles will continue. The next deadline is December 31, 2009.

WASHINGTON--In the long-running Real ID staring match, the U.S. Department of Homeland Security ended up being the first to blink.

Homeland Security announced Wednesday that all 50 states and the District of Columbia will be technically Real ID-compliant by the May 11, 2008 deadline--even though many states actually have rejected the concept and have zero plans to embrace a national ID card.

This means Americans will face no new hassles when using their drivers licenses to enter federal buildings or fly on airplanes starting on May 11. That's a good thing.

But the way this turned out is so odd it's worth repeating. States including New Hampshire, Maine, South Carolina, Oklahoma, Washington, and Montana have enacted laws saying "hell no we'll never comply with Real ID." And Homeland Security officials carefully ignored those public votes of condemnation, instead pretending that those states really intend to acquiesce by the next major deadline of December 31, 2009. (See our special report on Real ID from earlier this year.)

"Now they've got 18 months to actually finish the process of being able to issue the cards that will meet the requirements," Homeland Security Secretary Michael Chertoff told a small group of reporters and bloggers here on Wednesday. "We will have to watch this ... Read more